discordrat | hxxps://www[.]mediafire[.]com/file/0ss9321axytb3q0/ezyzip[.]zip/file

Analysis

max time kernel
73s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/0ss9321axytb3q0/ezyzip.zip/file

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 2 IoCs

pid	Process
6036	builder.exe
5520	test.exe

Loads dropped DLL 2 IoCs

pid	Process
6036	builder.exe
6036	builder.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
428	discord.com
431	discord.com
427	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133734066295595948"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeRestorePrivilege	5804	7zG.exe
Token: 35	5804	7zG.exe
Token: SeSecurityPrivilege	5804	7zG.exe
Token: SeSecurityPrivilege	5804	7zG.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
5804	7zG.exe
3608	NOTEPAD.EXE

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 2944	4772	chrome.exe	85
PID 4772 wrote to memory of 2944	4772	chrome.exe	85
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 4092	4772	chrome.exe	86
PID 4772 wrote to memory of 1268	4772	chrome.exe	87
PID 4772 wrote to memory of 1268	4772	chrome.exe	87
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88
PID 4772 wrote to memory of 3972	4772	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/0ss9321axytb3q0/ezyzip.zip/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd56cdcc40,0x7ffd56cdcc4c,0x7ffd56cdcc58
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1660 /prefetch:2
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4732,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4576,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4860,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5176,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4424,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5568,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6004,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6056,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5804,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5340,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5320,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5312,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6996,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3276,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3132,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3148,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6284,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5232,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7204,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5416,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5480,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4588,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7040,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6692,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6324,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7452,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7772,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5572,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6280,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5468,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8036,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8020,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7912,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7600,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8228,i,4163655001543170340,13981253647758827114,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:4112

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5908

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ezyzip\" -spe -an -ai#7zMap16102:74:7zEvent12851
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5804

C:\Users\Admin\Downloads\ezyzip\builder.exe
"C:\Users\Admin\Downloads\ezyzip\builder.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6036

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ezyzip\Nyt tekstdokument.txt
1⤵
- Suspicious use of FindShellTrayWindow
PID:3608

C:\Users\Admin\Downloads\ezyzip\test.exe
"C:\Users\Admin\Downloads\ezyzip\test.exe"
1⤵
- Executes dropped EXE
PID:5520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9cb5ba1f-d50d-40e1-b7cf-e36a87e4519a.tmp

Filesize
10KB

MD5
8313a1f6885d5226f601ab77ec9c8417

SHA1
3117b97535eb534098b1517a57d921fc48ec4558

SHA256
4b05e5b9253091663999b87b1aa1083c15067ee5a47353f38fe0348081b66828

SHA512
5869968cfc4adc404cbd022f101a949b974802cf503fd2241f498294bc21613ee745deac4691b818dd596d91839ae64cdfe3bb8ada08d37db84547a9333da9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eb63f7dcc69798f17cb7b66708a271f6

SHA1
dc13a6894af0e076bdd312b99d4a9ec75f1900ed

SHA256
de03597ab18e497bf3e14a833a9cafa1253ed1b1dc787a348827043ccbd6d46a

SHA512
3ea0a37f11939db00e0ce531eb785d7cb088ee3da7058bb4c47e58a468df6e6452d23372356bf6ce2a203ceb413f8572f54325c9c08e1167a455806ce5b3200f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1072502b74173a9009613917e37eebc4

SHA1
c03a85ee5629bf8e56c6bda3c0ee4fcd9c39cb64

SHA256
17cddc4f3ac349f6dd391cccdb48ebe9816b0101b8c56730e9c98a2ca63e7bf9

SHA512
b4f56b9d259ea1cb6238170234b2366107e6a2c1f19f58269f3b51b1ad6ebdc3b0c387d28a487dc97eee47c2ae33a9d836358d718d995b0e5d5ff809e9842be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b9ecc291e7c086f6c1a63819a07667f4

SHA1
75d3698e504d4e20c0fcaf0ecceb0e7a50ef3e2f

SHA256
4c825064487d54bfb1b2d5205821aafd55a4401347e53c2109e3959c6bc2c43f

SHA512
939908fefd38d2d654f1549a942f2ad90dd74ce11dcd6f9ca1e86ff2f49748558473385a17519e2c553d461b87b1294c887a6b60e39ac3cb49986e9a6708fe28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5c1c4b1a-7b01-46bc-b9f5-fba0a6f99b70.tmp

Filesize
21KB

MD5
d0cc906135643165e5144bd269fa8d3f

SHA1
ded24d86b418bcfb6beb9a44c149740b00953bb8

SHA256
abb640f0706a2adbb21fed8daf431185222b071205fdae893ddb4a2d47c5d2aa

SHA512
429444c0bf12a201321c8ca03ab411984961b6492dc48012c822b039acccacc78cded5af4ce1c336047b725edf21a3e81f68b7f168bd563a7ab6004323385c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3ecaaa7a955809e4883010cbb2d99baa

SHA1
6833e4a118d8d4a0278b82362e508d8347ede80a

SHA256
0e99165359f54bf8a56464892d58fd97610cf62c9bbf02ae19b294119ddd2554

SHA512
6dc093cdfcc1c6f6bf046a562093f44f7a77455614575a8e7da669588beb950f96c3e972eb964d42369b80cc031e6072d063b7b32c5f3fd680f9dcfb83d87348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c97fd982b0fba4ab47024f18c20cd914

SHA1
57824072fb6c65a0fae4be504e793bb54a708d1e

SHA256
ce66a7bbdd0d99de1d1a7548c1d12bc8f4c6ca31ff47799d66393f0a26e04b12

SHA512
467ae527315a8ada6796487ca495c6cbe8c81beffcf25afcd5c11e3fe4b22c3d0697ded7cd1673e9a86b9ea53e9d29eefcad91be50dd815fbd6b4783b77b59ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
39171fb202240dbd3e831183432fe428

SHA1
4164fb73e06385a13e10239c63b17e2f29dfbc2a

SHA256
41530ab94bdc41663203fdbc20de6258d2804936136492ec91cb81bd252b1380

SHA512
0ff08c458c2d18ef80137e05baf7b091100767be10fd0b0fe5a3ad4ed8200ce5824ec3ae7f20e8a0c09789bdf462db21caf27fae1db56eb52429256c5ba0df4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc9f49eae0db69b9a5f4c5f9ace65342

SHA1
f2b3bb4dfe210cc6ee7398350e557a08514a78c6

SHA256
d71ecb37378dbd947bc661331bb3302eb1201f890251f88d65fe0ee7dfd62e8a

SHA512
90bc190282bb63405ef40311fa29b73fb3cf88a1852976a645a62cf022196c009a283525a1bdd2e8cf1ab5c8758a173f93bdb84796a4bb35b52128c304b8247e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a2dee16a42f593b250c2555b4e7987c

SHA1
8effb025cb6f4926c919fdbfb9984096a6d9c186

SHA256
94d8d3992556f05b2ad32886726dd3401c0c4207e9ea09a718e4387d5327cbf3

SHA512
ce91bcecece7097381702937ac648079c2c18312504913c85c9430587ed2ef83886f9ea5acf5a69cc6bcb3c1c3a6f1d7bb1a3c7d3c8d26394bede49d8a94f49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0661edff61e2743a8be3e7a8ec829709

SHA1
46d0e90963a915c6327a3191c9a10ebd98b30a80

SHA256
d7c28ff11d729e7c796846f40a705152ab667de6f69320f20cd53177afeafbef

SHA512
ed687cd615cd654c0311784c186cae18c4938bea49fa4cb60ee6d0bce90f5d630339d8d4c937d59e434fa2a1bb177d29470dd5dd6a4cbe5d15c0bab33f3c912b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1a1bbbc0dba04901e47e02139670ca3

SHA1
2714a05385c43665fd50e26481e0bccf3c30746f

SHA256
5267d2b976aff3f47e6bd78e724ba409f6af84aa73c502fb4add9e368dfe22bb

SHA512
67706c58d39ac3046ad8024bb7e8469a62f9cc6782db45657b377145eb623ddb18c06b6fab54fb3798490a0aca8468d6792d7e5e3873530817d088d5e6d1bee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
673864266324cf6f6555dfce888687cd

SHA1
2d324e6b5ff8ab0d4363fc6a419c2c4de1f24bc5

SHA256
ae2fb7ed422710119555a3063807f03515e329d0e535d93c844cab80934b4b2b

SHA512
a1703447fa73339b3d9a35fd015381038cd32ae088c18d1c82e88f7cbdd1f505d636b9cc2188aa65b490d5d433edaca2815cec1ddc6b14212ef8d420d04cf69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
53ca89f3a1e047c660b9a6a67dc25976

SHA1
4efecfe9937a55561924f931de0c7344c382f206

SHA256
d2b58a5d2854d5c8fdb47fbf59f15d4fe115a171712cefc3ea97d6c6f6cfb92b

SHA512
ff4ee08ddd0eb21a7db2185468757bc32bcaae9f22c5b460e1dfd3e4916b5cc9f56baa2780a938cfb481603002f9d92f88508699a79c0de544c05c35db246618

Download Submit
C:\Users\Admin\Downloads\ezyzip.zip

Filesize
444KB

MD5
5e6eed58b5267e682f98311d183433a0

SHA1
9f36b221230e6befcf03c9712beab6692d17a2dc

SHA256
7839900bc86b372b1960869061ba050b2b56919dcdfb93a416a839443faf08fd

SHA512
c2f6983be32bd31f85707f6c137cc60925550a094e66e7031fc1139f238ff885450a1185ba7a173be8135a99d651f7b631d1b5a564f60f3124a5c2b7d26ae254

Download Submit
C:\Users\Admin\Downloads\ezyzip\Nyt tekstdokument.txt

Filesize
97B

MD5
80e56d3f156579193305e3b981d42552

SHA1
b5ac946025f7980514ce248c2080ab02a0e6f6e8

SHA256
da6b8b7cf3c128066ae01b9e374fb1fb89287dca82e4da9a34d0388522ff9e14

SHA512
f376af62d4bfa3d844ad5cb3ba696d3b93b9e26a5257d18e123ed81446f540dd54029983a23db26ce35c2e256ddb4bf2bd694fe61f44542af6395b8c7839a741

Download Submit
C:\Users\Admin\Downloads\ezyzip\Release\Discord rat.exe

Filesize
79KB

MD5
d13905e018eb965ded2e28ba0ab257b5

SHA1
6d7fe69566fddc69b33d698591c9a2c70d834858

SHA256
2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec

SHA512
b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb

Download Submit
C:\Users\Admin\Downloads\ezyzip\builder.exe

Filesize
10KB

MD5
4f04f0e1ff050abf6f1696be1e8bb039

SHA1
bebf3088fff4595bfb53aea6af11741946bbd9ce

SHA256
ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa

SHA512
94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12

Download Submit
C:\Users\Admin\Downloads\ezyzip\dnlib.dll

Filesize
1.1MB

MD5
508ccde8bc7003696f32af7054ca3d97

SHA1
1f6a0303c5ae5dc95853ec92fd8b979683c3f356

SHA256
4758c7c39522e17bf93b3993ada4a1f7dd42bb63331bac0dcd729885e1ba062a

SHA512
92a59a2e1f6bf0ce512d21cf4148fe027b3a98ed6da46925169a4d0d9835a7a4b1374ba0be84e576d9a8d4e45cb9c2336e1f5bd1ea53e39f0d8553db264e746d

Download Submit
C:\Users\Admin\Downloads\ezyzip\test.exe

Filesize
78KB

MD5
4b539f73683c95ee6c318f3d3c71d182

SHA1
6f19c1fe4cb0f497804a3e074bc9336a6d833217

SHA256
25fec16eaac4d5ef5903f9187d213cad78b7002d8821333fb02c700fed9cdfd7

SHA512
f28cd14f00bd978e53fefb03d4b889f0a5aaaa32f3356605e91f03ed8fcf5b7e2c3e31d7683c128d0d92da1523495507266509f72f8c7a56d0417b0a27af1af4

Download Submit
memory/5520-341-0x000001601C530000-0x000001601C548000-memory.dmp

Filesize
96KB

Download
memory/5520-342-0x0000016036BE0000-0x0000016036DA2000-memory.dmp

Filesize
1.8MB

Download
memory/5520-343-0x00000160372E0000-0x0000016037808000-memory.dmp

Filesize
5.2MB

Download
memory/6036-314-0x0000000006990000-0x0000000006AB2000-memory.dmp

Filesize
1.1MB

Download
memory/6036-272-0x0000000005580000-0x000000000558A000-memory.dmp

Filesize
40KB

Download
memory/6036-267-0x0000000005600000-0x0000000005692000-memory.dmp

Filesize
584KB

Download
memory/6036-266-0x0000000005BB0000-0x0000000006154000-memory.dmp

Filesize
5.6MB

Download
memory/6036-265-0x0000000000B80000-0x0000000000B88000-memory.dmp

Filesize
32KB

Download